icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Adobe AIR < 1.5.3 Multiple Vulnerabilities (APSB09-19)

Medium

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote Windows host contains a version of Adobe AIR player that is earlier than 1.5.3. Such versions are reportedly affected by multiple vulnerabilities :

- A vulnerability in the parsing of JPEG data that could potentially lead to code execution. (CVE-2009-3794)

- A data injection vulnerability that could potentially lead to code execution. (CVE-2009-3796)

- A memory corruption vulnerability that could potentially lead to code execution. (CVE-2009-3797)

- A memory corruption vulnerability that could potentially lead to code execution. (CVE-2009-3798)

- An integer overflow vulnerability that could potentially lead to code execution. (CVE-2009-3799)

- Multiple crash vulnerabilities that could potentially lead to code execution. (CVE-2009-3800)

- A Windows-only local file name access vulnerability in the Flash Player ActiveX control that could potentially lead to information disclosure. (CVE-2009-3951)

Solution

Upgrade to Adobe AIR 1.5.3 or later.